I am using TIdTCPClient & TIdTCPServer to send data from client to server through SSL.
I set the following code at the server & client.
Server Side
IdServerIOHandlerSSLOpenSSL1.SSLOptions.Mode := sslmServer;
IdServerIOHandlerSSLOpenSSL1.SSLOptions.Method := sslvTLSv1;
Client Side
IdSSLIOHandlerSocketOpenSSL1.SSLOptions.Mode := sslmUnassigned;
IdSSLIOHandlerSocketOpenSSL1.SSLOptions.Method := sslvTLSv1;
The error at the server side is "error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number".
When I run the server application from the Delphi IDE, the error message is shown; after clicking the Continue button it establishes the connection.
The server and client are both using the same DLL versions:
libeay32.dll - 0.9.8.18
ssleay32.dll - 0.9.8.18
I am using Delphi Version 2010 & Indy Version is 10.5.5.
The above error does not occur on the same system. It happens on the client system.
The above DLLs are placed in the EXE folder.
What am I doing wrong with the above code, or is anything wrongly configured?
Thanks in advance.
There is no way you can have an established connection after that error occurs. It is an SSL handshake error. OpenSSL would have closed the connection after reporting the error to you.
You are using a bit of an outdated version of Indy. The current version is 10.5.9.
I use Indy TidHTTPServer and TidServerIOHandlerSSLOpenSSL on my server component to handle HTTPS request for command & control.
There are situations where - without any logged errors on the server - clients receive an error "SSL handshake failed". I see no reasons on the server and - funny enough - it fixes itself sometimes after some time.
Where can I step into the Indy components to see where the problem is? Which events can I use to maybe see something?
Update1 (29.05.2021): An exception I found through the handlers suggested by Remy Lebeau is "Error accepting connection with SSL. EOF was observed that violates the protocol". I still can't tell what is causing this, though...
I have had this (or a similar) error in the past when I forgot to put the OpenSSL DLL files in the same folder as the executable. You need ssleay32.dll and libeay32.dll.
You can find them on the Indy page (link at the very bottom): https://www.indyproject.org/download/ssl/
I am encountering some problems using some code that worked for ages involving Indy and the download of a web page. I use RAD Studio 10.2 Tokyo.
The web page is as follows:
https://donet.rfi.it/RFIPlatform/showDoc.do?compartimentoHidden=AN&docTypeHidden=CC
The code I am using is part of an application which has the same code since 2011 and it always worked well. The code is as follows:
IDHTTP1.Get('https://donet.rfi.it/RFIPlatform/showDoc.do?compartimentoHidden=AN&docTypeHidden=CC');
I am getting a "Connection Reset by Peer 10054" error since the website went down, some days ago, and when it came up again, the code did not work anymore.
The aforementioned web page can be called from the browser, can even be downloaded with WGET, but Indy is failing.
I tried to play with various options (Cookie Handling, Handle Redirects, HTTPOptions, etc...) and I also updated the SSL libraries to 1.0.2q (Indy cannot use OpenSSL 1.1.0 yet), but the whole thing just doesn't want to work.
Can someone help me figure out what is going on? It has to be for sure something on the website, since the code I use is the same since 2011 and it has always worked. And before that, the same code worked in a similar application since 2008.
Indy's TIdSSLIOHandlerSocketOpenSSL component enables only TLS 1.0 by default. The website in question (https://donet.rfi.it) does not accept TLS 1.0 anymore (probably why it went offline, to update its software), it will accept only TLS 1.1+ now.
TIdHTTP is able to successfully establish a TCP/IP connection to donet.rfi.it:443, but as soon as TIdSSLIOHandlerSocketOpenSSL sends a TLS 1.0 handshake request, the server forcibly closes the TCP connection. You are getting the "connection reset by peer" error while TIdSSLIOHandlerSocketOpenSSL is trying to read the server's handshake response.
You need to configure TIdSSLIOHandlerSocketOpenSSL to enable TLS 1.1 and/or 1.2. You can do that via its SSLOptions.SSLVersions property. Then TIdHTTP.Get() will work again (I tested it).
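An added example (not code from the answer or from the Indy project) of the setting described above: a console program that offers only TLS 1.1 and 1.2 before calling Get on the URL from the question. It assumes an Indy build whose IdSSLOpenSSL unit defines sslvTLSv1_1 and sslvTLSv1_2, and OpenSSL 1.0.x DLLs next to the executable.

```delphi
program TlsVersionsDemo;

{$APPTYPE CONSOLE}

uses
  SysUtils, IdHTTP, IdSSLOpenSSL, IdStack;

const
  // URL taken from the question above.
  Url = 'https://donet.rfi.it/RFIPlatform/showDoc.do?compartimentoHidden=AN&docTypeHidden=CC';

var
  Http: TIdHTTP;
  Ssl: TIdSSLIOHandlerSocketOpenSSL;
  Body: string;
begin
  Http := TIdHTTP.Create(nil);
  try
    // Owned by Http, so it is freed together with it.
    Ssl := TIdSSLIOHandlerSocketOpenSSL.Create(Http);
    // Without this line only TLS 1.0 is offered, which this server rejects.
    // TLS 1.0 is deliberately left out of the set.
    Ssl.SSLOptions.SSLVersions := [sslvTLSv1_1, sslvTLSv1_2];
    Http.IOHandler := Ssl;
    try
      Body := Http.Get(Url);
      Writeln(Length(Body), ' characters received');
    except
      on E: EIdSocketError do
        // 10054 at this point is the server dropping the TCP connection
        // while the client waits for the handshake response.
        Writeln('Socket error ', E.LastError, ': ', E.Message);
      on E: Exception do
        Writeln(E.ClassName, ': ', E.Message);
    end;
  finally
    Http.Free;
  end;
end.
```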
I'm using Delphi XE 5/6, default Indy version, Windows 7. IdMappedPortTCP (component put on Form) redirects a local stream from FFmpeg to Twitch.tv, and always near 2 hours of streaming I have IdMappedPortTCP1ExceptionSocket Error # 10053 Software caused connection abort. Tried TCPRelay and no problems, so I guess something must be wrong in my app. Thanks for suggestions.
10053 is a network error. Most likely a firewall or router is cutting the connection after it is idle for too long. I would try using Indy's TIdEventStream class as explained in the answer to this post:
How to avoid getting an error 10053 (WSAECONNABORTED) if a HttpGet operation in Android is lasting too long?
I have developed an application for sending files from client to server using TCP/IP components with SSL.
A "Connection Timed Out" error occurs at the server side when sending large files.
Server Side (SSL)
idTCPServer1.IOHandler := IdServerIOHandlerSSLOpenSSL1;
OnExecute
Acontext.Connection.IOHandler.LargeStream := True;
Acontext.Connection.IOHandler.ReadStream(filestream,Filesize); // Error is occurred here.
End;
Client Side (SSL)
idTCPClient1.IOHandler := IdSSLIOHandlerSocketOpenSSL1;
idTCPClient1.IOHandler.LargeStream := True;
idTCPClient1.IOHandler.WriteStream(fms,-1,True);
The connection is established between client and server. When sending the files, after some time a "Connection Timed Out" error is shown at the server, and the client application goes to Not Responding.
Another scenario is when I connect the client and server normally, using IdIOHandlerStack1 (at the client side) and not assigning any handler at the server side. Files are transferred successfully without any problem.
I am using Delphi 2010 & Indy 10.5.5; the DLL version is 0.9.8.18.
Can anyone guide me?
There is no WriteStream() method, there is a TStream overload of the Write() method instead.
You are telling Write() to send the stream size as a 64-bit integer, but you are not telling ReadStream() to read the stream size, so presumably you have read the full 64-bit file size beforehand using ReadInt64(), correct?
Also, 10.5.5 is an outdated version of Indy. The current version is 10.5.9. Try upgrading to make sure you have all of the latest bug fixes and such, and then report back if you are still having problems.
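An added example (not the asker's or Indy's own code) of the matched pair the answer describes: the client sends a 64-bit size prefix with Write(), and the server reads that prefix with ReadInt64() before ReadStream(). The unit name, SendFile, ReceiveFile and the MaxFileSize limit are hypothetical; the limit is there because the prefix is supplied by the peer.

```delphi
unit FileTransferExample;
interface
uses
  Classes, SysUtils, IdContext, IdTCPClient, IdIOHandler;

const
  MaxFileSize = Int64(1) shl 30; // hypothetical 1 GiB limit for this example

procedure SendFile(AClient: TIdTCPClient; const AFileName: string);
procedure ReceiveFile(AContext: TIdContext; const ATargetFile: string);

implementation

// Client: send an Int64 size prefix followed by the file bytes.
procedure SendFile(AClient: TIdTCPClient; const AFileName: string);
var
  Src: TFileStream;
begin
  Src := TFileStream.Create(AFileName, fmOpenRead or fmShareDenyWrite);
  try
    AClient.IOHandler.LargeStream := True; // prefix is 64-bit, not 32-bit
    // ASize = 0: whole stream; AWriteByteCount = True: write the size first.
    AClient.IOHandler.Write(Src, 0, True);
  finally
    Src.Free;
  end;
end;

// Server: call from the TIdTCPServer.OnExecute handler.
procedure ReceiveFile(AContext: TIdContext; const ATargetFile: string);
var
  Size: Int64;
  Dst: TFileStream;
begin
  Size := AContext.Connection.IOHandler.ReadInt64; // the client's size prefix
  if (Size < 0) or (Size > MaxFileSize) then
  begin
    AContext.Connection.Disconnect; // peer-supplied length is out of range
    Exit;
  end;
  Dst := TFileStream.Create(ATargetFile, fmCreate);
  try
    // Explicit byte count, so ReadStream does not look for a prefix again.
    AContext.Connection.IOHandler.ReadStream(Dst, Size, False);
  finally
    Dst.Free;
  end;
end;
end.
```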
I've written a Windows service in Delphi 2007 using Indy 10 (10.5.8.0) that connects to an email server via IMAP and reads 10 emails, processes them and disconnects.
This is repeated throughout the day.
This works fine as long as the service doesn't connect using SSL/TLS.
When connecting using TLS it seems to work the first time, but gives a "start SSL negotiation failed" error on subsequent attempts.
I'm using the following Indy settings in my service:
FIMAP4.Port := 143;
FIMAP4.UseTLS := utUseRequireTLS;
FIdSSLIOHandlerSocketOpenSSL1.SSLOptions.Method := sslvSSLv23;
The email server runs Exchange 2010 and operates TLS on port 143 and SSL on port 993.
I'm using the latest version of the ssl dlls (1.0.1.3).
I'm disconnecting by doing:
FIMAP4.IOHandler.InputBuffer.Clear;
FIMAP4.Disconnect;
UPDATE:
Extract from EurekaLog:
|IdExplicitTLSClientServerBase.pas|TIdExplicitTLSClient|TLSNotAvailable |416[4] |
|IdExplicitTLSClientServerBase.pas|TIdExplicitTLSClient|TLSNotAvailable |412[0] |
|IdExplicitTLSClientServerBase.pas|TIdExplicitTLSClient|ProcessTLSNotAvail|342[2] |
|IdExplicitTLSClientServerBase.pas|TIdExplicitTLSClient|ProcessTLSNotAvail|341[1] |
|IdIMAP4.pas |TIdIMAP4 |Login |1957[16]|
|IdIMAP4.pas |TIdIMAP4 |Connect |2019[28]|
This would seem to indicate TLS is NOT available (I would have expected TLSNotAvailable to raise a
EIdTLSClientTLSNotAvailable.Create(RSTLSSLSSLNotAvailable);
rather than a
EIdTLSClientTLSNotAvailable.Create(RSTLSSLSSLCmdFailed);
but this has led me to wonder if the email server does not support TLS, at least on port 143).
If I don't use TLS, I get a:
EIdReplyIMAP4Error: Command received in Invalid state.
|IdReplyIMAP4.pas |TIdReplyIMAP4 |RaiseReplyError |242[1] |
|IdTCPConnection.pas|TIdTCPConnection|RaiseExceptionForLastCmdResult|576[1] |
|IdIMAP4.pas |TIdIMAP4 |Login |1970[29]|
|IdIMAP4.pas |TIdIMAP4 |Connect |2019[28]|
This seems to be an authentication failed message, although I'm not sure why.
Try using sslvTLSv1 instead of sslvSSLv23.
Fixed!
Two critical settings were wrong:
FIdSSLIOHandlerSocketOpenSSL1.SSLOptions.Method := sslvTLSv1;
FIMAP4.UseTLS := utUseImplicitTLS;
Setting these up (still on port 143) resolved the issue.
The latest Indy 10 version works much better at TLS, SSL, IMAP, SMTP, and SASL, than the one that shipped in Delphi 2007. Heck, Delphi 2007 shipped in 2006 at some point, and so the Indy 10 version is a snapshot from 2006, that's SIX YEARS AGO.
Upgrade your Indy10 sources, and then try different SSL options.
You may also have a bad SSL (ssleay, libssl) DLL version. Use the versions recommended on the Indy page.